External resources security

Some external resources might require certificates to be able to interact with them.

Adding certificates inside configuration

To provide certificates inside OnSphere, the usage is to add them to the configuration in the certs/external/ path.

../../_images/external-cert.png

Warning

This modification does not trigger a modules restart, so a manual restarting operation is needed

Note

If you use a hierarchy on the external folder, it will be flatten when injected on the module.

Supported format list :

  • PEM (.pem, .crt, .cer, .key)

  • DER (.der, .cer)

  • PKCS#7 (.p7b, .p7c)

  • PKCS#12 (.pfx, .p12)

Note

Certificates will be converted internally to PEM format and given to modules via the configuration. Only the PEM will be transferred.

When a chain is given, the conversion will generate two file for the module. For example, chain.crt will generate chain-1.crt and chain-2.crt for the module.

If the full chain is needed, you can use the resource to inject it on the module.